European Cybersecurity Skills Framework (ECSF)

The European Cybersecurity Skills Framework (ECSF) is a practical tool to support the identification and articulation of tasks, competences, skills and knowledge associated with the roles of European cybersecurity professionals.

The ECSF summarises all cybersecurity-related roles into 12 profiles, which are individually analysed into the details of their corresponding responsibilities, skills, synergies and interdependencies.  It provides a common understanding of the relevant roles, competencies, skills and knowledge required, facilitates recognition of cybersecurity skills, and supports the design of cybersecurity-related training programmes.

The framework is complemented by a user manual, which constitutes a practical guide to its utilisation, based on examples and use cases. The manual includes three examples for private organisations that need to hire, upskill and/or reskill their personnel in cybersecurity, along with use cases, which reflect the experience of seven organisations using the ECSF in different contexts. 

A draft version of the framework was presented to the public in April 2022 via a webinar delivered by the experts of ENISA and the Ad-hoc working group on the Cybersecurity Skills Framework, which assisted ENISA in the creation of the ECSF.  

On 20 & 21 September 2022, the final version of the ECSF and its user manual were presented during the 1st ENISA cybersecurity skills conference.  

In April 2023, the Commission adopted a Communication on a Cybersecurity Skills Academy. This policy initiative aims to bring together existing initiatives on cyber skills and improve their coordination, in view of closing the cybersecurity talent gap and boosting EU’s competitiveness, growth and resilience. The ECSF plays a crucial role because it will be the basis for the Academy to define and assess relevant skills, monitor the evolution of the skill gaps and provide indications on the new needs.

The second edition of Cybersecurity Skills Conference has been recently announced and we invite stakeholders interested to share examples of implementation and adoption of the ECSF to apply as a speaker.

Closing remarks of the 1st ENISA conference on skills were delivered by Despina Spanou, Head of Cabinet for European Commission Vice-President Margaritis Schinas, who stated: " We now need to make sure that we address what could become our biggest challenge: how to have the right people with the right skills to shield our citizens and our economies from ever more pervasive cyberattacks across all critical sectors. On the eve of 2023 European Year of Skills, the European Cybersecurity Skills Framework will be a tangible tool to help identify the profiles of jobs that are the most necessary in the field. It can become an enabler of a common European language on cybersecurity skills across the whole European cyber ecosystem and a building block for the Commission’s work on a genuine Cybersecurity Skills Academy"

ECSF Goals in Brief

1. Use of the ECSF ensures a common terminology and shared understanding between the demand (workplace, recruitment) and supply (qualification, training) of cybersecurity professionals across the EU.  
2. The ECSF supports the identification of the critical skill sets required from a workforce perspective. It enables providers of learning programmes to support the development of this critical set of skills and helps policy-makers support targeted initiatives to mitigate the gaps identified in skills.  
3. The framework facilitates an understanding of leading cybersecurity professional roles and the essential skills they require, including soft skills, along with the legislative aspects (if any). In particular, it enables non-experts and HR departments to understand the requirements for resource planning, recruitment and career planning in supporting cybersecurity. 
4. The framework promotes harmonisation in cybersecurity education, training, and workforce development. At the same time, this common European language in the context of cybersecurity skills and roles connects well with the entire ICT professional domain.  
5. The ECSF contributes to achieving enhanced shielding against cyberattacks and to ensuring secure IT systems in society. It provides a standard structure and advice on how to implement capacity building within the European cybersecurity workforce. 

How ENISA will support the governance, implementation and evolution of the ECSF

A new AHWG has been established with the scope to assist ENISA in the governance, implementation and evolution of the ECSF and its overall goal to work with EU communities and develop cybersecurity competencies for cybersecurity professionals aligned with the ECSF.

More information about the ECSF

The framework consists of two documents: 

• The ECSF Role Profiles document – Listing the 12 typical cybersecurity professional role profiles along with their identified titles, missions, tasks, skills, knowledge, competences.
• The ECSF User Manual document – Providing guidance and practical examples on how to leverage the framework and benefit from it as an organisation, provider of learning programmes or individual.

You can also follow the recorded webinars to get a grasp on the ECSF:

• The principles, the vision, the structure and the benefits of the ECSF
• Assessing Cyber Skills on the basis of the ECSF
• Take a walk on the CISO side

Cyber Higher Education Database (CyberHEAD)

CyberHEAD lists the academic programmes available for cybersecurity in Europe. The tool offers search possibilities and many filters to help students find the programme that suits their interest.

The role profiles described in the European Cybersecurity Skills Framework will be used to develop a comprehensive and flexible curriculum guidance for academic institutions. The later will help students to make guided learning choices and understand the possible career paths,  and so bridge the gap between professional workplace and learning environments.

For any questions or further enquiries on the ECSF or CyberHEAD please contact us at euskills(a)enisa.europa.eu.